Last Call Review of draft-ietf-lisp-mib-08
review-ietf-lisp-mib-08-secdir-lc-kumari-2013-06-27-00

Request: Review of draft-ietf-lisp-mib
Requested rev.: no specific revision (document currently at 13)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2013-07-09
Requested: 2013-01-10
Authors: Gregg Schudel, Amit Jain, Victor Moreno
Draft last updated: 2013-06-27
Completed reviews:
Genart Last Call review of -08 by Miguel García (diff)
Genart Telechat review of -11 by Suresh Krishnan (diff)
Secdir Last Call review of -08 by Warren Kumari (diff)
Assignment: Reviewer Warren Kumari
State: Completed
Review: review-ietf-lisp-mib-08-secdir-lc-kumari-2013-06-27
Reviewed rev.: 08 (document currently at 13)
Review result: Has Nits
Review completed: 2013-06-27

Review
review-ietf-lisp-mib-08-secdir-lc-kumari-2013-06-27

Be ye not afraid….

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This draft defines a MIB for monitoring LISP devices.
This set off the standard "Nooooo… SNMP Write… Noooo…." alarm bells, but then I skipped down to the Security Considerations section and saw that the authors had anticipated my shrieks of despair and that the draft says that there are no read-write / read-create objects.

The Security Considerations section seems well written and complete. It makes a suggestion that SNMPv3, with crypto goodness, be used to access this MIB.
It also claims that there are no exposed objects in the MIB that are considered sensitive. I don't LISP, and so don't know what all might be considered sensitive, but from reading most of the descriptions, and applying some common sense, the claim seems reasonable.

-----------

Two questions / nits:
1: The DESCRIPTION for 'lispMIBTuningParametersGroup' says: "A collection of writeable objects used to…" but these seem Read-only. It is possible I misunderstand the description.

2: The Security Considerations section points out that SNMP prior to V3 doesn't have adequate security, and that there is no control over who can GET/**SET** things (emphasis mine). I suspect that this was lifted verbatim from e.g. http://tools.ietf.org/html/rfc5834.

As there is no set / write in this MIB I think that removing the mention of setting things would be clearer.
s/to access and GET/SET (read/change/create/delete) the objects/to access the objects/

Apologies for how late this review is. I was filtering the SecDir assignments into an incorrect folder and so missed it completely.

W
--
Some people are like Slinkies......Not really good for anything but they still bring a smile to your face when you push them down the stairs.
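As an added example (not part of the review above, nor code from the LISP MIB draft), a small Python checker that does mechanically what the reviewer did by reading: it lists every OBJECT-TYPE whose MAX-ACCESS would let an SNMP manager SET or create it, and flags any OBJECT-GROUP whose DESCRIPTION speaks of "writeable" objects although all of its members are read-only (nit 1). The MIB fragment is constructed sample input in SMIv2 syntax, not text from draft-ietf-lisp-mib.

```python
import re

# Constructed SMIv2 fragment shaped like the case the review raises; the names
# are invented and none of this text comes from the LISP MIB draft.
SAMPLE_MIB = """
lispExampleObjA OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Constructed read-only object."
    ::= { lispExample 1 }

lispExampleObjB OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Constructed object a secdir review would want justified."
    ::= { lispExample 2 }

lispExampleTuningGroup OBJECT-GROUP
    OBJECTS { lispExampleObjA }
    STATUS  current
    DESCRIPTION "A collection of writeable objects used to tune things."
    ::= { lispExampleGroups 1 }
"""

# MAX-ACCESS values that give a manager no SET/create capability.
READ_SAFE = {"not-accessible", "accessible-for-notify", "read-only"}

OBJ_RE = re.compile(r"(\w+)\s+OBJECT-TYPE\s.*?MAX-ACCESS\s+([\w-]+)", re.S)
GRP_RE = re.compile(
    r"(\w+)\s+OBJECT-GROUP\s+OBJECTS\s*\{([^}]*)\}.*?DESCRIPTION\s+\"([^\"]*)\"", re.S)

def object_access(mib_text):
    """Map each OBJECT-TYPE name to its MAX-ACCESS clause."""
    return dict(OBJ_RE.findall(mib_text))

def writable_objects(mib_text):
    """Objects a manager could SET or create: the first thing a security review checks."""
    return sorted(n for n, a in object_access(mib_text).items() if a not in READ_SAFE)

def misdescribed_groups(mib_text):
    """Groups whose DESCRIPTION claims writeable members while every member is read-only."""
    access = object_access(mib_text)
    hits = []
    for name, members, desc in GRP_RE.findall(mib_text):
        member_names = members.replace(",", " ").split()
        if re.search(r"writ(e)?able", desc, re.I) and member_names and \
                all(access.get(m) in READ_SAFE for m in member_names):
            hits.append(name)
    return hits

if __name__ == "__main__":
    print("writable objects:", writable_objects(SAMPLE_MIB))
    print("groups described as writeable but read-only:", misdescribed_groups(SAMPLE_MIB))
```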